Docker Install

Estimated time: < 15 minutes

📘

Docker deployment not intended for production

This Docker deployment is intended for small to medium-sized deployments or for testing purposes ONLY, and should not be used for more than 600 active mailboxes. If you'd like to activate more than 600 mailboxes, use the AWS Cloud-native deployment or Sublime Cloud, which can support any number of mailboxes.

Other limitations apply, see: Docker-Limitations

Requirements

Review Docker Requirements and Limitations

Setup

One-line install

Copy the command below to the clipboard, then paste it into a bash terminal on macOS or Linux:

curl -sL https://sublime.security/install.sh | sh

Alternatively, you can follow our Manual Installation: Docker guide.


SSL

To enable SSL for your installation via Nginx and certbot, follow the steps below.

1. Set up your domain

  1. Register your domain if you don't already have one, or use a subdomain.
  2. Create an A record to point to your VPS/host.
  3. Verify your A record has propagated. Run this in your terminal: dig YOUR_DOMAIN A

2. Configure Sublime

  1. Navigate to your sublime-platform directory.
  2. Run cp certbot.env.example certbot.env
  3. Edit certbot.env with your domain and the email associated with it.
  4. Create a file called sublime.env with the following contents (replace YOUR_DOMAIN_HERE with the domain you registered in step 1).
CORS_ALLOW_ORIGINS=https://YOUR_DOMAIN_HERE
BASE_URL=https://YOUR_DOMAIN_HERE
DASHBOARD_PUBLIC_BASE_URL=https://YOUR_DOMAIN_HERE
API_PUBLIC_BASE_URL=https://YOUR_DOMAIN_HERE

Note: The URLs for these environment variables should not include a port. For example, if you're hosting Sublime at sublime.example.com, the configured URLs should be https://sublime.example.com, without any port.

  5. Ensure that ports 80 and 443 are open to the web. This is necessary for certbot to create your Let's Encrypt certs.
  6. Re-run the install script: clone_platform=false ./install-and-launch.sh

Using a proxy

If you want to set up a proxy in front of Sublime (e.g., nginx), it's important to note that Sublime's frontend and API are served on different ports when using Docker Compose. The frontend is served on port 3000 while the API is served on port 8000.

This means you should configure your proxy to proxy all API requests (requests with paths starting with /v0/ or /v1/) to port 8000 and all other requests to port 3000. Allow requests to port 8110 to pass through.

Also be certain to update the configuration in your sublime.env file to reflect the hostname for your proxy. See step 2 of Manual Installation: Docker for more information.

By default, for security reasons, any Sublime features that use the client IP address (e.g. IP Allow List and Audit Log) will prefer the first value from the X-Forwarded-For header.

  • If you're not using a Proxy, you may add IP_DETECTION=REMOTE_ADDR to strictly use the remote address and ignore the header.
  • You may also set IP_DETECTION=X-FORWARDED-TRUST-LAST to prefer using the last value of the X-Forwarded-For header.
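To help choose a setting for your topology, the following added example (not Sublime's code) models which address each IP_DETECTION mode described above would treat as the client. The label "DEFAULT" for the unset case, the fallback to the socket peer when the header is missing or unparsable, and all addresses are assumptions made for illustration.

```python
import ipaddress

# REMOTE_ADDR and X-FORWARDED-TRUST-LAST are the values named on this page;
# "DEFAULT" is a label used here for IP_DETECTION being unset.
MODES = ("DEFAULT", "X-FORWARDED-TRUST-LAST", "REMOTE_ADDR")

def resolve_client_ip(mode, remote_addr, xff=None):
    """Return the address a given mode would treat as the client (a model)."""
    if mode not in MODES:
        raise ValueError(f"unknown IP_DETECTION mode: {mode}")
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    if mode == "REMOTE_ADDR" or not hops:
        return remote_addr  # assumption: no header means use the socket peer
    candidate = hops[0] if mode == "DEFAULT" else hops[-1]
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return remote_addr  # assumption: unparsable entry means use the socket peer

# Constructed requests: (topology, socket peer, X-Forwarded-For as received)
SCENARIOS = [
    ("no proxy, header sent by the client itself", "203.0.113.7", "192.0.2.10"),
    ("proxy appends peer to client's header", "10.0.0.5", "192.0.2.10, 203.0.113.7"),
    ("proxy overwrites header with peer", "10.0.0.5", "203.0.113.7"),
]

def compare_modes():
    """Resolve every constructed scenario under every mode."""
    return {desc: {m: resolve_client_ip(m, peer, xff) for m in MODES}
            for desc, peer, xff in SCENARIOS}

if __name__ == "__main__":
    for desc, result in compare_modes().items():
        print(desc)
        for mode, ip in result.items():
            print(f"  {mode:24} -> {ip}")
```

Only the rows where the result is 203.0.113.7 identify the real client in this model, so the right setting depends on whether a proxy sits in front of Sublime and on how that proxy writes X-Forwarded-For.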

How to update

📘

Automatic updates

If you deployed Sublime with one of our scripts, you may have enabled automatic updates (using Cron), which run nightly. If you want to manually update your Sublime Platform then follow the steps below.

  1. Navigate to your sublime-platform directory.

  2. Copy and paste the appropriate shell commands below depending on how you set up Sublime. This will update your GitHub repo, then pull the latest images from Docker Hub and restart your instances:

docker compose down; git pull; docker compose pull; docker compose up -d;
docker compose --profile letsencrypt down; git pull; docker compose --profile letsencrypt pull --include-deps; docker compose --profile letsencrypt up -d;

Deploying to AWS EC2

If you deploy the Docker deployment to EC2, you must allow ingress on ports 3000 and 8000 in the VPC's security group.


Support

If you run into any issues or have questions, send us an email or post in the Slack community.